Quickstart
- In the app, create a Service (slug e.g.
openai) and add your provider keys. - Copy your Client Access Token from Settings.
- Call the API to get a key at runtime.
curl -s "https://botinbinary.com/keyrotator/api/next.php?service=openai&token=YOUR_TENANT_CLIENT_TOKEN&mask=1"
Add &mask=1 to mask the key in responses (recommended).
Endpoint
GET https://botinbinary.com/keyrotator/api/next.php
| Query | Required | Description |
|---|---|---|
service | Yes | Service slug you defined (e.g. openai). |
token | Yes* | Tenant client token, or use app_token if per-app tokens are enabled. |
app_token | No | Token of a client app (overrides token), if using per-app tokens. |
mask | No | 1 to mask the key in response. Demo always masks. |
Returns 200 JSON with the selected key and meta.
{
"service": "openai",
"key_label": "Primary",
"key": "sk-••••••••••••••••••••••••zzZZ",
"masked": true,
"policy": "manual",
"limits": {"max_daily_requests": 10000},
"meta": {"key_id": 123, "usage_today": 42}
}Examples
curl
curl -s "https://botinbinary.com/keyrotator/api/next.php?service=openai&token=YOUR_TENANT_CLIENT_TOKEN&mask=1"
Node (fetch)
const res = await fetch("https://botinbinary.com/keyrotator/api/next.php?service=openai&token=YOUR_TENANT_CLIENT_TOKEN&mask=1");
const data = await res.json();
const apiKey = data.key; // masked if mask=1 (recommended)Python (requests)
import requests
r = requests.get("https://botinbinary.com/keyrotator/api/next.php", params={"service":"openai","token":"YOUR_TENANT_CLIENT_TOKEN","mask":"1"})
data = r.json()
api_key = data["key"]Errors
| HTTP | Reason | Body |
|---|---|---|
| 400 | Missing params | {"error":"missing token or service"} |
| 403 | Bad token / IP not allowed | {"error":"invalid token"}, {"error":"ip not allowed"} |
| 404 | Unknown service | {"error":"unknown service"} |
| 429 | Daily limit / demo throttle | {"error":"service daily limit reached"} |
| 503 | No active keys | {"error":"no active keys"} |
| 500 | Decrypt error | {"error":"key decrypt failed"} |
Rotation Policies
- manual: You rotate when you want.
- time: Keys expire after N minutes (cron recommended).
- usage: Balances requests across active keys.
Rate Limits
Each service can define max_daily_requests. Demo traffic is additionally throttled per IP.
Security
- Keys encrypted (AES-256-GCM) at rest.
- Tenant isolation; token is per-tenant (or per-app if enabled).
- Optional IP allowlists per tenant/app.
- Prefer masked responses (
&mask=1).
Webhooks (optional)
Receive notifications like key.delivered, service.limit_reached. Configure in Settings → Webhooks.
Per-app tokens (optional)
Create multiple tokens per tenant application/env, each with its own allowlist & limits. Use app_token=... instead of token.
Try the demo
Use the demo token below (responses are masked):
curl -s "https://botinbinary.com/keyrotator/api/next.php?service=openai&token=52yseGC525k55YpyHUeAdoYrb77WYJ037sPHhQ&mask=1"